From c53df0aa9cf015f2a0aafdd9ccee14bb4b1a4d06 Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Fri, 18 Jul 2025 18:51:10 +0200
Subject: [PATCH] firewall: sync conntrackd entries from other node on startup
---
roles/firewall/templates/conntrackd.conf.j2 | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/roles/firewall/templates/conntrackd.conf.j2 b/roles/firewall/templates/conntrackd.conf.j2
index 578f00d..0894070 100644
--- a/roles/firewall/templates/conntrackd.conf.j2
+++ b/roles/firewall/templates/conntrackd.conf.j2
@@ -2,9 +2,10 @@ Sync {
 Mode FTFW {
- # Add received rules immediately so we don’t need a
- # signal on failover.
- DisableExternalCache On
+ # Add received rules immediately so we don’t need a signal on failover.
+ DisableExternalCache yes
+ # Get all connections on startup.
+ StartupResync yes
 }
 UDP {
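Review bot: The new `# Get all connections on startup.` comment does not record what `StartupResync yes` relies on. With `DisableExternalCache yes` directly above it, entries received from the peer are committed straight to the kernel conntrack table, so a restarting node takes the other node's full state as its own. The `UDP {` section that carries this traffic only begins at the end of the hunk and the enclosing `Sync {` block continues past it, so the sync interface and addresses are not visible here. As far as I know conntrackd does not authenticate sync messages itself, so it is worth confirming that the link is dedicated and that the sync port is filtered to the peer address. I would expand the comment to something like `# Request the peer's full table on startup; entries go straight into the kernel, so the sync link must be trusted.`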